Archive for 2009

PowerShell : How do I look up AdminCount for AdminSDHolder and SDPROP ?

What is the AdminSDHolder and SDPROP ? Ever wonder what controls the native permissions on the security principal such as Domain Admins and Administrators in Active Directory ? What if an owner changes the permission these entities have ? The permissions do come back. They must. John Policelli had a great article on the subject [...]

  • How many DFL and FFL are there now ?

    Known as “domain modes” in the Windows 2000 days, the list of Domain Functional Levels and Forest Functional Levels (introduced in Windows Server 2003) has grown with the addition of two new Windows Server 2008 functional levels. While Domain Functional Level limits the OS of the DCs, a raise to the Forest Functional Level (in a multi-domain environment) [...]

  • Free e-book on Virtualization Solutions from Microsoft

    You can get a free e-book in PDF format authored by Mitch Tulloch from Microsoft. This book covers Hyper-V, App-V, VDI and SCVMM 2008. Click below to register and download your copy. Also, in this month’s issue of TechNet magazine, there is an [...]

  • Exchange 2010 goes Release Candidate today !

    You can get an evaluation copy here. Scott Schnoll had a great post on how to install the beta, with all the gotchas and a long list of pre-reqs: http://blogs.technet.com/scottschnoll/archive/2009/04/15/how-to-install-exchange-server-2010.aspx As Exchange 2010 will only run on Windows Server 2008 (64-bit only), there were some known issues with the beta version with [...]

  • No RIDs for you (the RODC) !

    Says the RID Master FSMO to an RODC. If you recall, the RID Master’s sole job is to make sure that duplicate SIDs are not issued by domain controllers. Whenever a DC needs to create a SID, it takes the next available value from its own RID pool to create the SID with a unique [...]

  • What is Active Directory Management Gateway Service (ADMGS)?

    Windows Server 2008 R2 provides a web service that is required by ADAC and the native AD cmdlets of PowerShell. That service is known as ADWS and it is part of the proverbial ADMGS framework. So ADMGS equals ADWS out of the box. The service lets Server 2008 R2 AD PowerShell cmdlets and other applications work against the DCs with ADMGS installed. [...]

    posted in Active Directory, PowerShell, Windows Server 2008 R2 by Rick

  • What is ADRAP Scoping Tool ?

    Microsoft earlier this month released the AD Risk Assessment Program Scoping Tool to the public. My look at it tells me that this tool essentially more fancily does what the ADRAP Suitability Scripts did, which came with the ADRAP Snapshot Tool, which of course came when you had the official ADRAP engagement. ADRAP could be extremely beneficial for any [...]

  • Is there a GUI to manage AD Recycle Bin ?

    Much has been said about the manageability of the AD Recycle Bin in Windows Server 2008 R2 via Microsoft’s intended way, i.e. via PoSH cmdlets. Though this option can still only be enabled via PowerShell, the ability to restore objects (the process of reanimation of objects in earlier ADs) has been extended to GUI by [...]

  • How do I enable the Active Directory Recycle Bin in Windows Server 2008 R2 ?

    Launch PowerShell under the Administrator’s account context, and type this cmdlet:
    Enable-ADOptionalFeature -Identity 'CN=Recycle Bin Feature,CN=Optional Features,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=yourdomain,DC=com'
    Read and understand the warning about this action’s irreversibility, and hit “Y” for yes to continue. In the following screenshot I show you an error not necessarily applicable to you, the cmdlet complained about not being able [...]

  • Getting started with Server Core is easier now in R2

    Perhaps inspired by Guy’s utility ‘Server Core Configurator’, there is now a menu-driven utility called SCONFIG.exe in the R2 version of Server Core. This allows you to do all the initial configuration tasks, such as rename the computer, join to a domain, set a new IP or DNS, or enable RDP etc. Previously you had [...]

  • How do I perform an offline domain join in Windows Server 2008 R2 ?

    As briefly discussed before, a feature to offline domain join machines is available in Windows Server 2008 R2. The utility used to perform this task is called “djoin.exe”. Here is an official blurb on what the offline domain join is and what it would be used for, and then I will show you how [...]

  • Active Directory Best Practices Analyzer (ADBPA)

    A couple of years back someone made a recommendation on the Microsoft Exchange Forums that, equivalent to the Exchange BPA, it would be nice for AD Admins to have an AD Best Practices Analyzer. This was passed on to the AD Team. Though I am not sure if this particular thread was the driver behind it, starting in [...]

  • What’s the Schema version of Windows Server 2008 R2 ?

    It is version 47 in RC and it may very well change when R2 gets RTM. You can check the objectVersion attribute of your current forest on the Schema Naming Context (NC) via ADSIedit.msc. Here are some older Schema versions: 13 = Win2k, 30 = 2003, 31 = 2003 R2, 44 = 2008. Here is more detail of schema changes in Windows Server 2008 [...]

  • The only valid review of Active Directory Design

    Who needs ADRAP or ADHC when you have this in front of you? This is a modification from me of “Good code, Bad code”, originally from the author credited on the picture. Enjoy

  • Active Directory Scalability limits

    Have no more than 1200 DCs in your domain, say the new scalability limits. I wonder if anyone realistically has reached that limit without a need to break down the domain into multiple domains/forests. This limitation lies in FRS’s ability to keep things sane with the SYSVOL replication. The new Active Directory Maximum Limits – Scalability recently [...]

    (c) 2008 - 2012 Shariq Sheikh. All Rights Reserved.